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© IC card system. 



© Application program data is sent with decryption key 
code data from an initializing IC card to an application pro- 
gram RAM (15) arranged in an IC card terminal (1). The 
terminal (1 ) is then initialized, and customer IC card reception 
preparation is completed. 
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IC card system 



The present invention relates to an IC card system 
with an IC card terminal. 

When cash handling equipment such as an electronic 
cash register is used, a mechanical key lock mechanism is 
arranged to prevent a third party other than an authorized 
operator from using the equipment In other words, elec- 
tronic cash register will not operate unless the authorized 
operator releases the key lock using a master key, thus 
preventing illegal use of the register. 

A conventional key lock system of this type can also 
be applied to an IC card terminal which is used with an IC 
card. 

The conventional key lock system, however, has the 
following drawbacks: 

1. Since the key lock mechanism is a mechanical one, the 
key can be easily copied. 

2. A key lock mechanism must be arranged independently 
of the mechanism inherent in the system, and thus the 
overall system becomes expensive. 

3. Since the key must be held in a corresponding key slot 
to continuously release the key lock state while the system 
is being operated, the key may be stolen. In addition, the 
number of keys needed is the same as that of the IC card 
terminals. 



In an IC card system, countermeasures against illegal 
use must be provided in the same way as for the electronic 
cash register. However, an effective countermeasure has 
not so far, been realized. 

It is an object of j^e^ present .inye^tign tq^pjQvXa^^aij^IQ^ 
card system with an" IC* card terminal, which prevents a 
third party other than an authorized operator from making 
illegal use thereof and which is operated with security. 

According to the present invention, there is provided an 
IC card system comprising: an IC card terminal; an initializ- 
ing means which store data defining operation of the IC 
card terminal for initializing the IC card terminal; and a 
customer IC card used with the IC card terminal. 

According to the present invention, there is further 
provided an IC card system comprising: an IC card terminal 
with first memory means for storing man program data 
used for a transaction with a customer, and second memory 
means for storing data defining initialization; an initializing 
means having an initializing memory for storing the initializa- 
tion defining data to be supplied to the second memory 
means; and a customer IC card used for a transaction with 
a customer in combination with the IC card terminal. 

This invention can be more fully understood from the 
following detailed description when taken in conjunction with 
the accompanying drawings, in which: 

Fig. 1 is a perspective view showing an overall configura- 
tion of an IC card system according to an embodiment of 
the present invention; 

Rg. 2A is a block diagram showing a circuit arrangement of 
a terminal in Fig. 1 ; 

Fig. 2B Is an address data format of a memory in Fig. 2A; 

Rg- 3 is a block diagram showing a circuit arrangement of 
an initializing IC card in Fig. .1 ; 



Fig. 4 is a block diagram showing a circuit arrangement of a 
customer IC card in Rg. 1 ; and 

5 Figs. 5 to 8 are flow charts for explaining the operations of 
the IC card system in Rg. 1 . 



An IC card system according to an embodiment of the 
10 present invention will be described in detail with reference 
to the accompanying drawings. In the following embodiment 
application program data including system software and 
decryption code data is statically stored in an initializing 
memory arranged in an initializing IC card. At the time of 
15 system initialization, application program data is loaded in 
an IC card terminal. A transaction can then be performed 
using the customer IC card with the IC card terminal. 

Rg. i is a perspective view showing an overall con- 
figuration of an IC card system according to an embodiment 
20 of the present invention. Referring to Fig. 1, IC card termi- 
nal 1 is divided into terminal body 2 and key input section 
3. Body 2 is electrically connected to section 3 through 
cable 4. Keyboard 5 and display section 6 are arranged in 
section 3. 

25 Body 2 has IC card insertion slot 7. Initializing IC card 

8 and customer IC card 9 are selectively inserted in slot 7. 
Fig. 1 shows a state wherein card 8 is inserted in slot 7. 
Caution lamps A, B and C for indicating abnormal oper- 
ations, and normal operation indicator lamp D are arranged 

30 on body 2. In this embodiment assume that terminal l is 
installed in a store and that a customer with IC card 9 
makes a credit purchase. Since body 2 is connected to 
section 3 through cable 4, the customer can input his 
, v ^pjejpror^ iderrtffi^ 

35 by a store clerk standing near body 2. Connectors 10a and 
1 0b are arranged on the surfaces of cards 8 and 9, 
respectively. When cards 8 and 9 are selectively inserted in 
slot 7, connectors 10a and 1 0b are electrically connected to 
connectors arranged in body 2, so that they are selectively 

40 coupled to an electronic circuit inside body 2. Section 3 
also includes an alphanumeric input keyboard for entering 
transaction data, e.g., a total amount an item name, the 
date of purchase, etc. 

The electrical circuit arrangements of body 2 and cards 

45 8 and 9 will be described with reference to the accompany- 
ing drawings. 

The circuit arrangement of body 2 will be described 
with reference to Rg. 2A. Referring to Rg. 2A, interface 
section n has connectors which are to be connected to 

so connectors 10a and 10b of cards 8 and 9. Section 11 is 
connected to system bus 12. Bus 12 is connected to card 
loading mechanism 13, for conveying card 8 or 9 inserted 
in slot 7 to a predetermined position in body 2 or for 
ejecting it from slot 7; man program ROM 14; application 

55 program data storage volatile RAM 15; lamp drivers 16a, 
16b, 16c and I6d for driving lamps A to D; control circuit 
17; registers 18, 19 and 20; keyboard 5 of section 3; and 
display section 6. Circuit 17 includes ROM 17a, RAM 17b 
and comparator 17c. These circuits discriminate whether 

60 the IC card inserted in slot 7 is card 8 or 9. For example, in 
ROM 17a is prestored cod data representing the type of 
IC card. The corresponding cod data is stored in cards 8 
and 9. The code data read out from cards 8 and 9 is 

65 
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temporarily stored in RAM 17b, and is then compared with 
the data from ROM 17a by comparator 17c. When a 
coincidence between them' is established, circuit 17 deter- 
mines the type of. IC card inserted in slot 7. 

All the access program for card 9 is loaded from card 
8 into RAM 15 of terminal 1. But a part of the access 
program may be preset in ROM 14. In this case, the 
remaining part of the card access program is loaded in 
RAM 15 from card 8, and circuit 17 performs addressing 
through ROM 14 and RAM 15. Fig. 2B shows an address 
data format for addressing ROM 14 and RAM 15 by circuit 
17. The ROM section corresponds to ROM 14, and the 
RAM section corresponds to RAM 1 5. 

A primary account number (PAN) and encrypted data 
PAN' read out from card 9 are stored in registers 18 and 
19, respectively. Decryption key code data is read out from 
card 8 and is stored in register 20. Data PAN* and the 
decryption key code data, respectively stored in registers 19 
and 20, is supplied to decryption block 21. Block 21 de- 
crypts data PAN' in accordance with the decryption key 
code data to obtain data PAN. The decrypted data PAN is 
stored in register 22 and is supplied to one input terminal of 
comparator 23. Data PAN stored in register 18 is supplied 
to the other input terminal of comparator 23 wherein data 
PAN from register 22 is compared with data PAN from 
register 18 by comparator 23. A comparison result is sup- 
plied to circuit 17. The connectors arranged in section 11 
and mechanism 13 can be constituted by those described 
in U.S. Patent Application Serial No. 782,518. 

Fig. 3 shows the circuit arrangement of card 8 of Fig. 
1. Interface section 31 has connector 10a. Section 31 is 
connected to other circuits through system bus 32. Bus 32 
is connected to a ROM 33 storing system program data, a 
control circuit 34 including a CPU, and a register 35. 
Register 35 stores an administration identification number - 
(AIN) entered at key input section 3. Input data AIN is 
supplied to one input terminal of comparator 36. P restored 
data AIN is supplied from AIN memory 37 to the other input 
.terminal of comparator 36. Memory 37 is constituted by, for 
example, a PROM such as EPROM or EEPROM. The 
PROM stores any AIN data entered by an administrator, 
i.e., an authorized store clerk, for terminal 1 . Comparator 36 
then compares the content of register. 35 with that of 
memory" 37. A "comparison" result is supplied to' circuit 34 
and to one input terminal of AND gate 38. Application 
program data and decryption key code data are prestored in 
data ROM 39. The application program data is data to be 
preset in terminal 1 to execute various transaction oper- 
ations for card 9. The contents of the application program 
will be described below. The decryption key code data is 
the code data for decrypting the encrypted data read out 
from card 9. When a coincidence signal is generated by 
comparator 36, the data from ROM 39 is supplied to 
interface section 31 through gate 38 and system bus 32, 
and to terminal 1 through section 31 . 

The application program is defined as a program for 
executing customer IC card processing such as a cus- 
tomer's arbitrary PIN registration at the time of issuance of 
a new customer IC card, re-registration of the registered 
PIN, a transaction data check operation, a card check 
operation, and the like. 

Fig. 4 shows the circuit arrangement of card 9. Refer- 
ring to Fig. 4, interface section 41 has connector 10b of 
Fig. 1. Section 41 is connected to an internal electronic 
circuits in card 9 through system bus 42. Bus 42 is con- 
nected to system program ROM 43, control circuit 44 and 
register 45. Customer PIN entered at keyboard 5 is stored 
in register 45. This PIN data is supplied to one input 



terminal of comparator 46. Data PIN from memory 47 is 
supplied to the other input terminal of comparator 46. Mem- 
ory 47 comprises, for example, a PROM such as EPROM 
or EEPROM. Comparator 46 compares the input PIN data 
5 from register 45 with the PIN data readout from memory 
47. A comparison result is supplied to control circuit 44. 

PAN memory 48 and data memory 49 are also coup- 
led to bus 42. Memory 48 comprises, for example, a PROM 
such a EPROM or EEPROM. Memory 48 stores customer 

10 account number PAN and data PAN* obtained by encryp- 
ting data PAN according to the RSA encryption method. 
Memory 49 also comprises a PROM such as EPROM or 
EEPROM. Memory 49 sequentially stores a date (DT) data 
of purchase and total amount AMT. 

75 The operation of the arrangements shown in Figs. 1 to 

4 will be described with reference to flow charts of Figs. 5 
to 8. When a terminal power switch (not shown) in the 
terminal in Fig. 1 is turned on, circuit 17 is operated in 
accordance with the main program stored in ROM 14 in 

20 Fig. 2A, and processing shown in the flow chart of Fig. 5 is 
executed. At the time of power ON, the storage contents of 
RAM 15 are lost, and terminal 1 thus does not have a 
processing function for card 9. 

Circuit 17 determines in step A1 of Fig. 5 whether or 

25 not an IC card is inserted in slot 7. If NO in step A1 , circuit 
17 waits until an IC card is inserted in slot 7. However, if 
YES in step Al , the flow advances to step A2 and circuit 
17 awaits a key input When data PIN is entered at 
keyboard 5 of section 3, the input PIN data is transmitted to 

30 the IC card in step A3. Circuit 17 then awaits, data from the 
IC card in step A4. When signal data is sent back from the 
IC card, the flow advances to step A5. Circuit 1 7 checks in 
step A5 whether the signal from the IC card is an OK 
signal. 

35 In a store, card 8 is inserted in slot 7 in step Bl of Fig. 

6 after a power switch of terminal 1 is turned on. In step 
B2, the AIN data is entered at section 3. The input AIN 
data from section 1 1 is supplied to section 31 of card 8 in 
step A3 of Fig. 5 and is set in register 35. When the AIN 

40 data is sent from terminal 1 to card 8, comparator 36 
compares in step B3 of Fig. 6 the data set in register 35 
with the AIN data prestored in memory 37 to check whether 
a coincidence therebetween is established. In other words, 
comparator 36 checks "whether "or riot the user "of "card 8 is 

45 an authorized user. If YES in step B3, a coincidence signal 
from comparator 36 enables gate 38. In step B4, the 
application program data and the decryption key code data 
are sequentially read out from ROM 39. Both of the data 
from ROM 39 is supplied to terminal 1 through section 31. 

so When OK data is transmitted from card 8 to terminal 1 , the 
flow advances to step A6 in Fig. 5 to check whether the 
reception data is data from card 8. If YES in step A6, the 
flow advances to step A7. The reception data is stored in 
memory 15. In terminal 1, the application . program data 

55 from card 8 is stored in RAM 15, and the decryption key 
code data is set in register 20. Thereafter, as shown in step 
A8 of Fig. 5 and step B5 of Fig. 6, card 8 is ejected from 
slot 7, and terminal initialization is completed. 

When initialization of terminal 1 is completed, process- 

60 ing for card 9 can be performed. If NO in step A5 of Fig. 5, 
the flow advances to step A9, and caution lamp B is turned 
on by driver 16b to indicate that the input AIN does not 
coincide with the prestored AIN. Thereafter, card 8 is 
returned in step A10, and abnormal processing is com- 

65 pleted. 
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As described above, after the application program data 
is stored in RAM 15, and the decryption key code data is 
written in register 20, processing for card 9 can be per- 
formed. In this state, when the customer inserts his card 9 
through slot 7 and enters his own PIN, the. PIN comparison 
is performed and the validity of card 9 is checked as will be 
described later. If the OK signal cannot be obtained, the 
flow advances from step A5 to step A9 in Fig. 5. However, 
if the OK signal is detected, the flow advances to step Ai 1 
through step A6. Circuit 17 checks in step A11 whether the 
application program data is already written in RAM 15. 
When card 9 is used without setting the application program 
data in card 8 upon energization of terminal 1 , the decision 
step All is determined to be NO. The flow advances to 
step A12, and driver 16a is driven to turn on lamp A, 
thereby signalling to the customer that the data is not set in 
card 8. in step A10, card 9 is ejected from slot 7 and is 
returned to the customer. 

However, when circuit 17 determines in step A11 that 
the application program data and the decryption code data 
are set in RAM 15, the flow advances from step Ail to 
step A13. The application program processing is desig- 
nated, and item purchase processing (application program 
processing in Fig. 8 to be described later) in step A14 is 
performed. Thereafter, the flow advances to step A8, and 
card 9 is returned to the customer. Finally, the flow returns 
to step Ai. 

When the customer purchases an item, he inserts card 
9 in slot 7 of terminal 1 installed in a store and enters his 
own PIN at section 3, as shown in step Ci of Fig. 7. The 
input PIN is transmitted from section 1 1 to card 9 and is set 
in register 45 through section 41 and bus 42. When the 
PIN is set in register 45, the flow advances to step C2, and 
comparator 46 in card 9 compares the input PIN set in 
register 45 with the prestored PIN read out from memory 

46, the OK signal is transmitted from circuit 44 to terminal 1 
through section 41. When the OK signal from card 9 is 
received by terminal 1 , terminal 1 checks validity of card 9 
in step C3. In order to check the validity, terminal 1 reads 
out the personal account number PAN from memory 48 of 
card 9 and encrypted personal account number PAN* in 
step D1 in Ftg. 8. The PAN data and the PAN' data are 
stored in registers I8*and 19, respectively. The flow ad- 
vances to step D2. Encrypted personal account number 
PAN' is supplied from register 19 to block 21. Encrypted 
PAN* is decrypted in accordance with the decryption key 
code set in register 20. The decrypted personal account 
number (PAN> is stored in register 22. In step D3, the 
decrypted personal account number (PAN) written in regis- 
ter 22 is compared by comparator 23 with the personal 
account number PAN held in register 18. A comparison 
result is supplied to circuit 17. Circuit 17 discriminates in 
step- D3 whether the PAN from register 22 coincides with 
that from register 18. If NO in step D3, the flow advances 
to step D4. Driver 16c is operated to turn on (amp C, 
thereby indicating that card 9 is invalid. In step D5, card 9 
is returned to the customer, and abnormal processing is 
thus completed. When the coincidence signal is generated 
by comparator 23, the flow advances from step D3 to step 
D6, and driver 1 6d is driven to turn on OK lamp D. 
Subsequentfy r as shown in step D7 of Fig. 8 and step C4 
of Fig. 7, application processing is performed. Date DT data 
of purchase and total amount AMT data are- recorded in 
memory 49 in card 9. At the same time, the registration 



number of card 9 and the total amount are stored in 
terminal 1. The contents of memory 49 can be read out and 
displayed on display section 6, as needed. Thus, processing 
for card 9 is completed. 

5 In the above embodiment, the IC card is exemplified by 

a credit card. However, the IC card can also be used in 
other card systems such as a bank card. 

In the embodiment of Fig. 1, cards 8 and 9 are 
inserted in the same slot 7. The slot 7, however, can be 

10 used for only receive the customer card 9. In this case, the 
card 8 may be inserted in another slot (not shown) formed 
on the body 2 of terminal 1 . 

Since, customer card 9 may be formed in accordance 
with the ISO standard, the slot 7 of Fig. 1 should also be 

75 formed in accordance with the ISO standard. The card 8 
and the slot for receive the card 8, however, need not be 
formed in accordance with the ISO. 

According to the present invention as described above, 
a terminal initialization IC card is prepared. System softwar 

20 and/or personal identification data are supplied from the IC 
card to the terminal at the time of initialization of the IC card 
terminal. In this state, the IC card terminal can commu- 
nicate with the customer IC card. The initialization IC card 
and the customer IC card can be operated by the same 

25 interface, thus eliminating a special locking mechanism. 
Furthermore, since the initialization IC card is used only for 
initialization, only one initialization IC card is required for a 
plurality of terminals. Since the personal identification data 
or the like is supplied to the initialization IC card, secrecy 

30 and security can be assured even if the terminal is stolen. 
Since the personal identification data is supplied to the 
terminal using the initialization IC card, the identification 
data can be easily added or modified. As is apparent from 
the above description, illegal use of IC cards and IC card 

35 terminals by third parties other than authorized operators 
c^te^p^ - ^ 

Claims 

40 

1 . An IC card system characterized by comprising: 



an IC card terminal (1 ); 

45 

an initializing means (8) for storing data defining operation 
of said IC card terminal (1) and initializing said IC card 
terminal (1); and 

so a customer IC card (9) used with said IC card terminal {1 ). 



2. An IC card system according to clam 1, characterized in 
that said IC card terminal (1) includes first memory means - 
55 (14) for storing main program data used for a transaction 
with a customer and second memory means (1 5) for storing 
data defining initialization; 



60 said initializing means (8) has an initializing memory (39) for 
storing the data defining initialization supplied to said second 
memory means (15); and 

said customer IC card (9) is used for a transaction with a 
65 customer in combination with said IC card terminal (1 ). 



3. A system according to claim 2, characterized in that said 
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initializing means (8) includes comparing means (36) for 
terminal administrator identification number (A IN) data, said 
comparing means (36) being adapted to compare the AIN 
data and an AIN' entered at said terminal (1), and predeter- 
mined data being stored in said terminal (1) when a co- 
incidence is detected by said comparing means (36). 



7. A system according to claim 6, characterized in that an 
encryption algorithm is an RSA algorithm, and the decryp- 
tion key code is a public key. 

8. A system according to claim 3, characterized in that the 
predetermined data includes application program data for an 
IC card holder and decryption key code data, and 



said terminal (1 ) includes decrypting means (21 ), and com- 
paring means (23) for comparing the decrypted data from* 
said decrypting means (21) with predetermined encrypted 
data 



9. A system according to claim 8, characterized in, that an 
encrypting algorithm is an RSA algorithm, and the decryp- 
tion key code is a public key. 

10. A system according to claim 3, characterized in that 
said predetermined data is a part of a program for causing 
said terminal (i ) to access said customer IC card (9), 



said predetermined data includes decryption key code data; 

said terminal (1) includes decrypting means (21) and com- 
paring means (23) for comparing decrypted data from said 
decrypting means (21) and predetermined encrypted data, 
and 

said initializing IC card (8) includes means (31) for transmit- 
ting encrypting data and encrypted data to said terminal (i ). 



1 1 . A system according to claim 3 ? characterized in that an 



encryption algorithm is an RSA algorithm, and the decryp- 
tion key code is a public key. 

12. A system according to claim 3, further comprising 
5 noncoincidence indicating means (3) for receiving a non- " 

coincidence signal when said comparing means (36) de- 
tects a noncoincidence. 

13. A system according to claim 2, characterized by further 
comprising means (17) for accessing the customer IC card 
(9), said accessing means being provided with means (17) 
for distinguishing the customer IC card (9) from the initializ- 
ing IC card (8) and accessing the customer IC card (9) 
when said distinguishing means (17) determines that a card 
inserted is the customer IC card (9). 

14. A system according to claim 3, characterized in that 
said initializing means comprises an initializing IC card (8). 

15. A system according to claim 14, characterized in that 
said initializing IC card (8) and customer IC card (9) are 
prepared in conformity with the ISO standard, and said IC 
card terminal (1) has a card receiving port (7) commonly 
used for both said initializing and customer cards. 

16. A 'method of using an IC card, characterized by com- 
prising the steps of. 



30 applying an initializing means (8) for a terminal* administrator 
into an IC card terminal (1); 

loading predetermined data in said IC card terminal (1); 

35 applying a customer IC card (9) in said IC card terminal - 
(1 ); and 

accessing predetermined processing for the customer IC 
card (9) on the basis of the predetermined data. 

40 

17. A method according to claim 16, characterized in that 
an AIN is entered with the applied initializing, means (8) in 
said IC card terminal. (1) and is identified, and a next step is 

45 initiated when a coincidence signal is obtained. 

18. A method according to claim 16, characterized in that 
the predetermined data is an application program for a 
customer so as to perform application service for a cus- 

50 tomer IC card holder. 

19. A method according to claim 16, characterized in that 
the predetermined data is a part of a program for accessing 
the customer IC card in said terminal (1 ), and said terminal 

55 (1) receives the predetermined data to execute the program 
for the customer IC card (9). 

20. A method according to claim 16, characterized in that 
the predetermined data is the decryption data, and the 

60 encrypted data from the customer IC card (9) is decrypted 
by said terminal (1) so as to determine validity of the 
customer IC card (9). 



4. A system according to claim 3, characterized in that the 
predetermined data is application program data for an IC 
card holder. io 

5. A system according to claim 3, characterized in that the 
predetermined data is a part of a program for causing said 
terminal (1 ) to access said customer IC card (9). 

75 

6. A system according to claim 3, characterized in that the 
predetermined data includes decryption key code data, 



said terminal (1) includes decrypting means (21) and com- 20 
paring means (23) for comparing data decrypted by said 
decrypting means (21) with predetermined encrypted data, 
and 

said initializing IC card (8) includes means (31 ) for transmit- 25 
ting encrypting data and encrypted data to said terminal (1 ). 
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